Page 594 - COSO Guidance

3. Performance for ESG-related risks




3b. Assesses and prioritizes risks


Introduction

Effective risk management requires constant balancing of risk exposures, benefits and expenditures. For that reason, management assesses the severity of risks to support prioritization and maximize the strategic, financial and operational benefits to an entity.

ESG-related risks can be challenging to assess and prioritize. By nature, the financial or business implications of an ESG-related risk may not be immediately clear or measurable. These challenges are often exacerbated by an organization's (1) limited knowledge of ESG-related risks, (2) tendency to focus on near-term risks without paying adequate attention to risks that may arise in the longer term or (3) difficulty quantifying ESG-related risks. Even when the severity of an ESG-related risk can be quantified, the outcome may be uncertain. Finally, the risk may not be prioritized appropriately simply due to a conscious or unconscious bias towards risks that are known or better understood.







[Figure: the five components of the COSO ERM Framework applied to ESG-related risks, with the current sub-chapter (3b) highlighted]
1. Governance & culture for ESG-related risks
2. Strategy & objective-setting for ESG-related risks
3. Performance for ESG-related risks
   a. Identifies risk
   b. Assesses & prioritizes risks (this sub-chapter)
   c. Implements risk responses
4. Review & revision for ESG-related risks
5. Information, communication & reporting for ESG-related risks




This sub-chapter relates to the following COSO ERM Framework principles:¹

10. Assesses severity of risk: The organization assesses the severity of risks.
11. Prioritizes risks: The organization prioritizes risks as a basis for selecting responses to risks.

The following actions allow risk management and sustainability practitioners to assess the extent to which ESG-related risks impact the entity's strategy, business model and objectives:

• Understand the required output of the risk assessment (e.g., the impact in terms of the strategy and business objectives)
• Understand the entity's criteria for prioritizing risks
• Understand the metrics used by the entity for expressing risk (i.e., quantitative or qualitative)
• Select appropriate assessment approaches to measure risk severity
• Select and document data, parameters and assumptions
• Leverage subject-matter expertise to prioritize ESG-related risks
• Identify and challenge organizational bias against ESG issues




Enterprise Risk Management | Applying enterprise risk management to environmental, social and governance-related risks • October 2018 • p. 47